dovecot-1.2: Cleanups and fixes to auth-master API.

Sat Nov 1 14:49:35 EET 2008

details:   http://hg.dovecot.org/dovecot-1.2/rev/9babcdc6f4f7
changeset: 8368:9babcdc6f4f7
user:      Timo Sirainen <tss at iki.fi>
date:      Sat Nov 01 14:20:36 2008 +0200
description:
Cleanups and fixes to auth-master API.

diffstat:

6 files changed, 352 insertions(+), 241 deletions(-)
src/deliver/Makefile.am    |    1 
src/deliver/auth-client.c  |   71 +++---
src/deliver/auth-client.h  |    5 
src/deliver/deliver.c      |   24 +-
src/lib-auth/auth-master.c |  481 +++++++++++++++++++++++++++-----------------
src/lib-auth/auth-master.h |   11 -

diffs (truncated from 804 to 300 lines):

diff -r 0d49326397b4 -r 9babcdc6f4f7 src/deliver/Makefile.am

--- a/src/deliver/Makefile.am	Sat Nov 01 14:15:00 2008 +0200
+++ b/src/deliver/Makefile.am	Sat Nov 01 14:20:36 2008 +0200
@@ -4,6 +4,7 @@ pkglibexec_PROGRAMS = deliver
 
 AM_CPPFLAGS = \
 	-I$(top_srcdir)/src/lib \
+	-I$(top_srcdir)/src/lib-auth \
 	-I$(top_srcdir)/src/lib-dict \
 	-I$(top_srcdir)/src/lib-mail \
 	-I$(top_srcdir)/src/lib-index \
diff -r 0d49326397b4 -r 9babcdc6f4f7 src/deliver/auth-client.c
--- a/src/deliver/auth-client.c	Sat Nov 01 14:15:00 2008 +0200
+++ b/src/deliver/auth-client.c	Sat Nov 01 14:20:36 2008 +0200
@@ -9,15 +9,13 @@
 #include "env-util.h"
 #include "restrict-access.h"
 #include "auth-client.h"
-#include "../lib-auth/auth-master.h"
+#include "auth-master.h"
 
 #include <stdlib.h>
 #include <unistd.h>
 #include <pwd.h>
 #include <grp.h>
 #include <sysexits.h>
-
-static int return_value;
 
 static bool parse_uid(const char *str, uid_t *uid_r)
 {
@@ -57,44 +55,51 @@ static bool parse_gid(const char *str, g
 	return TRUE;
 }
 
-static void set_env(struct auth_user_reply *reply, const char *user, uid_t euid)
+static int set_env(struct auth_user_reply *reply,
+		   const char *user, uid_t euid)
 {
 	const char *extra_groups;
 	unsigned int len;
 
 	if (reply->uid == 0) {
 		i_error("userdb(%s) returned 0 as uid", user);
-		return;
+		return -1;
 	} else if (reply->uid == (uid_t)-1) {
 		if (getenv("MAIL_UID") != NULL) {
-			if (!parse_uid(getenv("MAIL_UID"), &reply->uid) || reply->uid == 0) {
+			if (!parse_uid(getenv("MAIL_UID"), &reply->uid) ||
+			    reply->uid == 0) {
 				i_error("mail_uid setting is invalid");
-				return;
+				return -1;
 			}
 		} else {
 			i_error("User %s is missing UID (set mail_uid)", user);
-			return;
+			return -1;
 		}
 	}
 	if (reply->gid == 0) {
 		i_error("userdb(%s) returned 0 as gid", user);
-		return;
+		return -1;
 	} else if (reply->gid == (gid_t)-1) {
 		if (getenv("MAIL_GID") != NULL) {
-			if (!parse_gid(getenv("MAIL_GID"), &reply->gid) || reply->gid == 0) {
+			if (!parse_gid(getenv("MAIL_GID"), &reply->gid) ||
+			    reply->gid == 0) {
 				i_error("mail_gid setting is invalid");
-				return;
+				return -1;
 			}
 		} else {
 			i_error("User %s is missing GID (set mail_gid)", user);
-			return;
+			return -1;
 		}
 	}
 
-	if (euid != reply->uid)
-		env_put(t_strconcat("RESTRICT_SETUID=", dec2str(reply->uid), NULL));
-	if (euid == 0 || getegid() != reply->gid)
-		env_put(t_strconcat("RESTRICT_SETGID=", dec2str(reply->gid), NULL));
+	if (euid != reply->uid) {
+		env_put(t_strconcat("RESTRICT_SETUID=",
+				    dec2str(reply->uid), NULL));
+	}
+	if (euid == 0 || getegid() != reply->gid) {
+		env_put(t_strconcat("RESTRICT_SETGID=",
+				    dec2str(reply->gid), NULL));
+	}
 
 	if (reply->chroot == NULL)
 		reply->chroot = getenv("MAIL_CHROOT");
@@ -116,40 +121,32 @@ static void set_env(struct auth_user_rep
 		env_put(t_strconcat("RESTRICT_SETEXTRAGROUPS=",
 				    extra_groups, NULL));
 	}
-
-	return_value = EX_OK;
+	return 0;
 }
 
 int auth_client_lookup_and_restrict(const char *auth_socket,
-				    const char *user, uid_t euid,
-				    pool_t pool,
-				    ARRAY_TYPE(string) **extra_fields_r)
+				    const char *user, uid_t euid, pool_t pool,
+				    ARRAY_TYPE(const_string) *extra_fields_r)
 {
         struct auth_connection *conn;
-	struct auth_user_reply *reply;
+	struct auth_user_reply reply;
 	bool debug = getenv("DEBUG") != NULL;
+	int ret = EX_TEMPFAIL;
 
 	conn = auth_master_init(auth_socket, debug);
-	reply = i_new(struct auth_user_reply, 1);
-
-	return_value = EX_TEMPFAIL;
-
-	switch (auth_master_user_lookup(conn, user, "deliver", pool, reply)) {
-	case -1:
-		break;
+	switch (auth_master_user_lookup(conn, user, "deliver", pool, &reply)) {
 	case 0:
-		return_value = EX_NOUSER;
+		ret = EX_NOUSER;
 		break;
 	case 1:
-		set_env(reply, user, euid);
-		if (return_value == EX_OK)
+		if (set_env(&reply, user, euid) == 0) {
 			restrict_access_by_env(TRUE);
+			ret = EX_OK;
+		}
 		break;
 	}
-	
-	*extra_fields_r = reply->extra_fields;
-	i_free(reply);
+
+	*extra_fields_r = reply.extra_fields;
 	auth_master_deinit(conn);
-
-	return return_value;
+	return ret;
 }
diff -r 0d49326397b4 -r 9babcdc6f4f7 src/deliver/auth-client.h
--- a/src/deliver/auth-client.h	Sat Nov 01 14:15:00 2008 +0200
+++ b/src/deliver/auth-client.h	Sat Nov 01 14:20:36 2008 +0200
@@ -2,8 +2,7 @@
 #define AUTH_CLIENT_H
 
 int auth_client_lookup_and_restrict(const char *auth_socket,
-				    const char *user, uid_t euid,
-				    pool_t pool,
-				    ARRAY_TYPE(string) **extra_fields_r);
+				    const char *user, uid_t euid, pool_t pool,
+				    ARRAY_TYPE(const_string) *extra_fields_r);
 
 #endif
diff -r 0d49326397b4 -r 9babcdc6f4f7 src/deliver/deliver.c
--- a/src/deliver/deliver.c	Sat Nov 01 14:15:00 2008 +0200
+++ b/src/deliver/deliver.c	Sat Nov 01 14:20:36 2008 +0200
@@ -75,7 +75,7 @@ static void sig_die(int signo, void *con
 	   which is too common at least while testing :) */
 	if (signo != SIGINT)
 		i_warning("Killed with signal %d", signo);
-	io_loop_stop(ioloop);
+	io_loop_stop(current_ioloop);
 }
 
 static const char *deliver_get_address(struct mail *mail, const char *header)
@@ -774,13 +774,13 @@ static void expand_envs(const char *user
 	}
 }
 
-static void putenv_extra_fields(ARRAY_TYPE(string) *extra_fields)
-{
-	char **fields;
+static void putenv_extra_fields(const ARRAY_TYPE(const_string) *extra_fields)
+{
+	const char *const *fields;
 	const char *key, *p;
 	unsigned int i, count;
 
-	fields = array_get_modifiable(extra_fields, &count);
+	fields = array_get(extra_fields, &count);
 	for (i = 0; i < count; i++) {
 		p = strchr(fields[i], '=');
 		if (p == NULL)
@@ -798,7 +798,7 @@ int main(int argc, char *argv[])
 	const char *mailbox = "INBOX";
 	const char *auth_socket;
 	const char *home, *destaddr, *user, *value, *errstr, *path;
-	ARRAY_TYPE(string) *extra_fields;
+	ARRAY_TYPE(const_string) extra_fields = ARRAY_INIT;
 	struct mail_user *mail_user, *raw_mail_user;
 	struct mail_namespace *raw_ns;
 	struct mail_storage *storage;
@@ -814,7 +814,7 @@ int main(int argc, char *argv[])
 	bool user_auth = FALSE;
 	time_t mtime;
 	int i, ret;
-	pool_t userdb_pool;
+	pool_t userdb_pool = NULL;
 
 	i_set_failure_exit_callback(failure_exit_callback);
 
@@ -945,8 +945,6 @@ int main(int argc, char *argv[])
 					  TRUE, version);
 	}
 
-	userdb_pool = pool_alloconly_create("userdb lookup replys", 512);
-
 	if (user_auth) {
 		auth_socket = getenv("AUTH_SOCKET_PATH");
 		if (auth_socket == NULL) {
@@ -957,6 +955,7 @@ int main(int argc, char *argv[])
 						  NULL);
 		}
 
+		userdb_pool = pool_alloconly_create("userdb lookup replys", 512);
 		ret = auth_client_lookup_and_restrict(auth_socket,
 						      user, process_euid,
 						      userdb_pool,
@@ -968,9 +967,10 @@ int main(int argc, char *argv[])
 		destaddr = user;
 
 	expand_envs(user);
-	putenv_extra_fields(extra_fields);
-
-	pool_unref(&userdb_pool);
+	if (userdb_pool != NULL) {
+		putenv_extra_fields(&extra_fields);
+		pool_unref(&userdb_pool);
+	}
 
 	/* Fix namespaces with empty locations */
 	for (i = 1;; i++) {
diff -r 0d49326397b4 -r 9babcdc6f4f7 src/lib-auth/auth-master.c
--- a/src/lib-auth/auth-master.c	Sat Nov 01 14:15:00 2008 +0200
+++ b/src/lib-auth/auth-master.c	Sat Nov 01 14:20:36 2008 +0200
@@ -1,53 +1,221 @@
 /* Copyright (c) 2005-2008 Dovecot authors, see the included COPYING file */
 
 #include "lib.h"
+#include "lib-signals.h"
 #include "array.h"
 #include "ioloop.h"
 #include "network.h"
 #include "istream.h"
 #include "ostream.h"
-#include "env-util.h"
-#include "restrict-access.h"
 #include "auth-master.h"
 
 #include <stdlib.h>
 #include <unistd.h>
-#include <pwd.h>
-#include <grp.h>
-#include <sysexits.h>
-
-#define AUTH_REQUEST_TIMEOUT 60
+
+#define AUTH_PROTOCOL_MAJOR 1
+#define AUTH_PROTOCOL_MINOR 0
+
+#define AUTH_REQUEST_TIMEOUT_SECS 30
+#define AUTH_MASTER_IDLE_SECS 60
+
 #define MAX_INBUF_SIZE 8192
-#define MAX_OUTBUF_SIZE 512
+#define MAX_OUTBUF_SIZE 1024
 
 struct auth_connection {
+	char *auth_socket_path;
+
 	int fd;
-	struct timeout *to;
+	struct ioloop *ioloop;
 	struct io *io;
 	struct istream *input;
 	struct ostream *output;
-
-	struct ioloop *ioloop;
-	const char *auth_socket;
+	struct timeout *to;
+
+	unsigned int request_counter;
+	pool_t pool;
 	const char *user;
-	pool_t pool;
 	struct auth_user_reply *user_reply;
 	int return_value;
 
+	unsigned int debug:1;
